tcpdump is great for grabbing packets off the wire, but it's not that great an analyser. That's where tools like Wireshark come in handy: you use them to analyse the flows and trace files that you generate with tcpdump.